This agreement explains our role as a data processor, your rights as the data controller, and the safeguards we apply to protect sensitive information.
For the purposes of data protection laws, your organization is the data controller, and Blackbook is the data processor. You determine the purpose and means of processing personal data, and we process it only on your instructions.
We process customer data solely to provide our services, including eligibility checks, insights, and reporting. We do not use customer data for marketing, resale, or unrelated purposes.
We maintain technical and organizational measures to protect customer data, including encryption in transit and at rest, role-based access controls, and monitoring of our systems for unauthorized access.
We may engage carefully selected sub-processors (such as hosting or cloud infrastructure providers) to support our services. All sub-processors are bound by written agreements that provide the same level of data protection as this DPA.
We assist you in fulfilling data subject rights requests, including access, correction, deletion, and portability, to the extent permitted by law and feasible within the platform.
If customer data is transferred outside of the region where it originated, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or equivalent mechanisms.
This agreement remains in effect for as long as we process customer data on your behalf. Upon termination of services, we will delete or return all customer data, unless retention is required by law.
Questions about this Data Processing Agreement? Contact us at info@blackbookdata.io.
Verify coverage, learn what payers historically pay, and forecast revenue with a single tool.
